[Rats] Dynamic Systems in IETF RATS (was Re: 3 Use cases)

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 07 October 2019 12:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/cNvPYWmaVo0sU829uLQtNsDqX5M>

Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com> wrote:
    > Dynamic Systems

    > All current integrity mechanisms assume a certain degree of fixed
    > properties, e.g. TPM's CRTM/SRTM, and known configurations. A case
    > exists where a set of, say, IoT devices each with integrity
    > measurements are attested by some Edge node. The Edge node may combine
    > the IoT device measurements into a single measurement (e.g. Merkle
    > Tree). If the configuration of IoT devices changes, particularly in
    > relation to availability of devices, then this combined measurement will
    > change. This changed measurement however may be a valid configuration.

    > For example, in a medical case, the set of measurement devices may be
    > rapidly changing due to necessity of network provisioning, device
    > availability etc, but the permutations of devices may still be valid.

So you are describing a system where there is an assembly of devices.
I have a few questions and want to offer two categories:
1) the network's view of the devices is transparent.  That is, each device
   in the assembly is reachable by the network either through L2-bridging,
   L3-routing (facilitated maybe by DHCPv6-PD), or because all devices are
   just connected to the same "wifi" or LLN.

2) the network's view of the devices is opaque: the network only sees some
   gateway device and perhaps all interaction is via an application layer gateway.

Case (2) seems that the layer of indirection means the assembly
gateway/controller should probably be a relying party for the devices,
and should communicate its configuration to an attester in order to validate
its configuration.  The network would see the resulting attestation of the
aggregate.  I don't see anything surprising or new here. Just a recursive
application of RATS.

Case (1) is therefore the more interesting case, I think.
I imagine, yes, some health care situation where the assembly is the hospital
room, and the devices are the individual monitors.  The room needs to attest
to its ability to deal/collect the correct/complete set of information, and
one can see that the failure (or the depletion) of some device leads to the
room being "unviable", and requiring attention.

I also was thinking about an assembly that is a passenger-rail coach arranged
in a set.  Each has a series of safety sensors that the engine must
interrogate directly. But, it's not necessary for every sensor in every coach
to be functional, as there is some redundancy, not just within each vehicle,
but also because there are multiple vehicles.

===

In thinking about this, I also thought of some sf movie (Expanse, Star Trek,
Star Wars), where sensors and sub-systems get blown up/overloaded, and need
to be patched.  Chewbacca is waiting for the attestation system to agree that
all parts are installed correctly, and Han and R2D2 are effecting repairs... A
very dynamical system; but you don't get to lightspeed until it is sure it won't
just kill everyone onboard.  ...
Scotty: "Captain! I canna give you warp speed until the wee attestations settle."

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
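
The point in the quoted text, that a changed combined measurement can still be a valid configuration, worked as an added example (not part of the original message or of any RATS document): a verifier recomputes the Merkle root from the per-device evidence, then appraises the device set against a per-role minimum instead of one golden root. The device names, roles, tree construction and policy format are assumptions made for illustration, as is the choice to exclude a bad device from the count rather than reject the whole assembly.

```python
import hashlib

def _h(tag: bytes, data: bytes) -> bytes:
    return hashlib.sha256(tag + data).digest()

def merkle_root(evidence: dict) -> bytes:
    """Combine {device_id: measurement} into one digest, leaves sorted by id."""
    # 0x00/0x01 prefixes keep leaf hashes distinct from inner-node hashes.
    level = [_h(b"\x00", dev.encode() + b"\x00" + m)
             for dev, m in sorted(evidence.items())] or [_h(b"\x00", b"")]
    while len(level) > 1:
        nxt = [_h(b"\x01", level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd leftover node is promoted unchanged
        level = nxt
    return level[0]

def appraise(evidence: dict, claimed_root: bytes, reference: dict, policy: dict):
    """Return (ok, notes). Assumed formats: reference maps device_id ->
    (role, good measurement); policy maps role -> minimum healthy devices."""
    # Step 1: the aggregate must actually cover the evidence presented.
    if merkle_root(evidence) != claimed_root:
        return False, ["combined measurement does not match the evidence"]
    # Step 2: count only known devices whose measurement matches its reference.
    healthy, notes = {}, []
    for dev, m in sorted(evidence.items()):
        role, good = reference.get(dev, (None, None))
        if m == good:
            healthy[role] = healthy.get(role, 0) + 1
        else:
            notes.append(f"{dev}: not counted (unknown or unexpected measurement)")
    # Step 3: any device set meeting every per-role minimum is acceptable.
    for role, need in sorted(policy.items()):
        if healthy.get(role, 0) < need:
            notes.append(f"{role}: {healthy.get(role, 0)} healthy, need {need}")
    ok = all(healthy.get(r, 0) >= n for r, n in policy.items())
    return ok, notes

# Constructed sample data: one hospital room with three monitors.
FW = {n: hashlib.sha256(n.encode()).digest() for n in ("spo2-fw", "pump-fw")}
REFERENCE = {"spo2-a": ("spo2", FW["spo2-fw"]), "spo2-b": ("spo2", FW["spo2-fw"]),
             "pump-a": ("pump", FW["pump-fw"])}
POLICY = {"spo2": 1, "pump": 1}
FULL = {dev: good for dev, (_, good) in REFERENCE.items()}
DEGRADED = {d: m for d, m in FULL.items() if d != "spo2-b"}  # one monitor offline
NO_PUMP = {d: m for d, m in FULL.items() if d != "pump-a"}   # required role missing
```

`FULL` and `DEGRADED` produce different roots yet both appraise as acceptable, while `NO_PUMP` does not; the notes list tells the relying party which devices were excluded and which role fell short.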